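<?php

// User/session request dispatcher. Expected to be included from a page that
// defines IN_refrigeratory, starts the session and provides the SQL helpers
// (get_value_from_sql, get_rownum_with_sql, get_json_from_sql, execute_sql),
// addlog, uc_user_edit, update_lsttousr, $fis_username and $user_msgs.
// Every branch answers with one JSON object carrying a boolean "success" key.
if (!defined('IN_refrigeratory')) {
	exit('Access Denied');
}

// Reads a request parameter as a plain string. A missing parameter or an
// array value (e.g. `name[]=...`) yields '' instead of a notice/"Array".
$requestString = static function (string $key): string {
	$value = $_REQUEST[$key] ?? null;
	return is_string($value) ? $value : '';
};

$operation = $requestString('operation');

$operations = ['login', 'logout', 'change_password', 'add', 'update', 'delete', 'getUserName'];
// NOTE(review): get_users/get_groups used to be gated on `$fis_admin`; that
// condition is commented out, so they are reachable by every caller that
// passes the IN_refrigeratory guard. Confirm where the admin flag comes from
// and re-enable the gate.
$operations = array_merge($operations, ['get_users', 'get_groups']);
// Strict comparison so only an exact allow-listed string is dispatched.
if (!in_array($operation, $operations, true)) {
	echo '{"success":false, "info":"request params invalid"}';
	exit;
}

// NOTE(review): state-changing operations are accepted via $_REQUEST, i.e.
// also from GET query strings. Restricting them to POST (and adding a CSRF
// token) is a change the including page's client code must agree with.

if ($operation === 'login') {
	$login = $requestString('login');
	$pwd = $requestString('password');
	// Both values are md5-hashed before use, so only hex digits reach the
	// SQL below (the stored login is the md5 of the login name).
	// TODO(security): md5 is not a password hash; move stored passwords to
	// password_hash()/password_verify() once the schema can change.
	$login = md5($login);
	$pwd = md5($pwd);

	$id_user = get_value_from_sql("select id_user from t_user where login ='$login' and password ='$pwd'", 'id_user');
	if ($id_user) {
		// $id_user comes from the database, not from the request.
		$name = get_value_from_sql("select name from t_user where id_user = '$id_user'", 'name');
		$id_role = get_value_from_sql("select id_role from t_user where id_user = '$id_user'", 'id_role');

		// Rotate the session id on privilege change so a session id fixed
		// before login is not carried over.
		if (session_status() === PHP_SESSION_ACTIVE) {
			session_regenerate_id(true);
		}
		$_SESSION['uid'] = $id_user;
		$_SESSION['uname'] = $name;
		$_SESSION['role'] = $id_role;

		// 32 hex chars, same shape as the previous md5(date.name) value,
		// but unguessable: the old value was derived from public inputs.
		$identify = bin2hex(random_bytes(16));
		execute_sql("UPDATE `t_user` SET identify='$identify' WHERE id_user='$id_user'");
		echo '{"success": true , "info":"' . $identify . '"}';
	} else {
		echo '{"success": false, "info": "用户名或密码错误"}';
	}
} elseif ($operation === 'logout') {
	session_unset();
	echo '{"success": true}';
	addlog("注销");
	// Drop the server-side session record as well, not just its variables.
	if (session_status() === PHP_SESSION_ACTIVE) {
		session_destroy();
	}
} elseif ($operation === 'change_password') {
	$oldpass = $requestString('oldpass');
	$newpass = $requestString('newpass');
	// $fis_username is provided by the including page.
	$username = str_replace(' ', '', (string) $fis_username);

	// uc_user_edit is assumed to return a non-negative value on success and
	// a negative code that indexes $user_msgs on failure — confirm.
	$res = uc_user_edit($username, $oldpass, $newpass, '');
	if ($res >= 0) {
		echo '{"success": true}';
	} else {
		// json_encode keeps the response valid JSON whatever the message
		// contains; the original interpolated it unescaped.
		$info = json_encode((string) ($user_msgs[$res] ?? ''), JSON_UNESCAPED_UNICODE);
		echo '{"success": false,"info":' . $info . '}';
	}
} elseif ($operation === 'get_users') {
	// NOTE(review): this returns the `pwd` column to the client. Unless the
	// UI genuinely needs it, drop it from the SELECT.
	echo get_json_from_sql("SELECT uid, username, gid, lids ,pwd FROM `t_user` ORDER BY username");
} elseif ($operation === 'get_groups') {
	echo get_json_from_sql("SELECT gid, name FROM `tb_group` ORDER BY gid");
} elseif ($operation === 'add') {
	$username = $requestString('username');
	$gid = $requestString('gid');
	$lids = $requestString('lids');
	$pwd = $requestString('pwd');
	// TODO(security): username/gid/lids/pwd are request-controlled and are
	// interpolated into SQL unescaped; the SQL helpers take a raw string, so
	// they need a parameterized (or driver-escaping) variant before this is
	// safe. The password is also stored as given, not hashed.
	$is_exist = get_rownum_with_sql("SELECT uid FROM `t_user` WHERE username='$username'");
	if ($is_exist) {
		echo '{"success": false, "info": "用户名已存在，操作失败"}';
		die();
	}
	execute_sql("INSERT INTO `t_user`(username, gid, lids , pwd ) VALUES ('$username', '$gid', '$lids' , '$pwd')");
	$uid = get_value_from_sql("SELECT uid FROM `t_user` WHERE username = '$username'", 'uid');
	update_lsttousr($uid, $lids);
	addlog("添加用户:" . $username);
	echo '{"success": true}';
} elseif ($operation === 'update') {
	// uid is numeric (the delete branch compares it unquoted), so an int
	// cast removes that one value from the injection surface.
	$uid = (int) $requestString('uid');
	$username = $requestString('username');
	$gid = $requestString('gid');
	$lids = $requestString('lids');
	$pwd = $requestString('pwd');
	// TODO(security): same unescaped interpolation as the "add" branch.
	$is_exist = get_rownum_with_sql("SELECT uid FROM `t_user` WHERE username='$username' AND uid!='$uid'");
	if ($is_exist) {
		echo '{"success": false, "info": "用户名已存在，操作失败"}';
		die();
	}
	$old_lids = get_value_from_sql("SELECT lids FROM `t_user` WHERE uid='$uid'", 'lids');
	execute_sql("UPDATE `t_user` SET username='$username', gid='$gid', lids='$lids',pwd ='$pwd' WHERE uid='$uid'");
	// Only rebuild the list-to-user mapping when the list ids changed.
	if ($old_lids != $lids) {
		update_lsttousr($uid, $lids);
	}
	addlog("更新用户:" . $username);
	echo '{"success": true}';
} elseif ($operation === 'delete') {
	// Cast before use: the first query below embeds uid unquoted.
	$uid = (int) $requestString('uid');
	$username = get_value_from_sql("SELECT username FROM t_user WHERE uid= $uid", 'username');
	execute_sql("DELETE FROM `t_user` WHERE uid='$uid'");
	update_lsttousr($uid, '');
	echo '{"success": true}';
	addlog("删除用户:" . $username);
} else {
	// "getUserName" is allow-listed but had no handler, which produced an
	// empty response; report it explicitly instead.
	echo '{"success":false, "info":"request params invalid"}';
}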